Thursday, April 30, 2015

A nurse allegedly stole the identities of 900 patients of a Los Angeles mental health facility.

The stolen patient data included names, medical and insurance information, birth dates, Social Security numbers, diagnoses and other personal information. Although the breaches occurred from 20 2011 - 2015 they were discovered by law enforcement on April 3, 2015.

"Patients treated at the facility between 2011 and 2015 were affected by the breach." - spokesman for the LA County Department of Health Services

Unfortunately it is not unusual for law enforcement, rather than the organization holding patients' private data, to discover ID thefts. Organizations seeking to proactively detect identity thefts and privacy data breaches can utilize low-cost on-demand SaaS analytics services.

Wednesday, April 29, 2015

A New York nurse has been charged with stealing medical records in a desperate bid to keep her former boyfriend, a Tiger Woods impersonator, in a relationship.

She told him she was pregnant and showed him images of a positive pregnancy test, ultrasound and hospital lab work to prove it to him. However, the items she showed him came from patient records at the hospital where she was employed.

Unfortunately this seems to be another breach of patient privacy that was discovered by law enforcement, not the organization holding the personal health information (PHI). Healthcare organizations seeking to proactively detect data privacy breaches and identity thefts can utilize low-cost on-demand SaaS analytics services.

Tuesday, April 28, 2015

A Florida prison guard has been sentenced to three years behind bars for stealing inmates' IDs and using them to file fraudulent tax returns.

The identity thefts took place from 2008 - 2011. At the prison he had access to inmates personal identifying information (PII). He stole at least 50 inmate IDs and, working with a co-conspirator, obtained $350,000 in tax refunds.

"At the prison, [he] had access to prisoner records, including Social Security numbers." - Local 10 News

It is unclear who discovered the ID thefts and why they occurred for three years. Organizations seeking to proactively detect identity thefts and data privacy breaches can utilize low-cost on-demand SaaS analytics services.

Monday, April 27, 2015

A judge sentenced a Texas healthcare worker to more than 10 years in federal prison for stealing patient identities and using the information to claim unemployment benefits. This fraud has cost taxpayers more than $1.2 million in stolen benefits.

The woman, a transplant assistant, had access to information of patients and transplant donors and stole names, Social Security numbers and dates of birth.

"she had access to information of patients and [transplant] donors and stole names, Social Security numbers and dates of birth." - Court documents

The fraud was discovered when a victim tried to file for unemployment benefits. Rather than have identity theft discovered by a third party, organizations can proactively detect it with low-cost on-demand SaaS analytics services.

Friday, April 24, 2015

A former employee of a health insurance provider was found to have screenshots of patients' personally identifiable information (PII) on her mobile phone.

The identity thefts took place during the period from 2007-2013 but the insurance company did not know about the data thefts until December 2014 when they were notified by the IRS.

"the former employee’s personal cell phone was confiscated and pictures of screen shots from [the insurance company's] computer screens were found on it." - insurance company letter to attorney general's office

Unfortunately, third parties, rather than the organization holding the PII, are often the first to discover identity thefts. However, this is not the case for organizations that utilize low-cost on-demand SaaS analytics to proactively detect identity thefts and data privacy breaches, even when a mobile phone is used to capture screenshots.

Tuesday, April 21, 2015

Two hospital employees, who inappropriately accessed former Ontario Mayor Rob Ford's medical records, have been referred by the Office of the Information and Privacy Commissioner to the Attorney General for prosecution.

If the duo is convicted, this would mark the first successful prosecution under the province’s health privacy law, which came into force more than a decade ago. They could each face fines of up to $50,000.

The commissioner’s request for action sends a clear message to all health care professionals that it is not acceptable to “rifle through someone’s medical file just because you’re curious,” according to former Privacy Commissioner Ann Cavoukian. Ford’s health records have been breached on four separate occasions in at least three Toronto hospitals since his cancer diagnosis last September.

Friday, April 17, 2015

Target has settled lawsuits with banks and credit unions issuing MasterCards that were affected by a 2013 data breach that compromised 40 million debit and credit cards.

Target is setting aside $19 million for the financial services institutions for operating costs and fraud-related losses on cards impacted by the data privacy breach.

"[the breach] rattled shoppers who stayed away from the retailer as they were nervous about the security of their private data." - ABC News

The breach which occurred during the holiday season rattled customers about the security of their private data. Target and has overhauled its security and technology operations as a result of the massive breach.

Thursday, April 16, 2015

A healthcare worker in Canada accessed 39 confidential patient information out of curiosity about friends and neighbors.

She had nothing to do with the care of these patients and therefore was not authorized to look at their records. Her employment with the hospital has been terminated.

"an employee who had nothing to do with the care of 39 patients accessed their health records out of curiosity about friends or neighbours." - Health Authority

The breach was discovered after third party allegations about the inappropriate access. Rather than learn of data privacy breaches from third parties, healthcare organizations can detect them proactively with low-cost on-demand SaaS analytics services.

As is too often the case, law enforcement discovered the ID thefts, not the organization holding the PII. Organizations seeking to proactively detect identity thefts and data privacy breaches can utilize low-cost on-demand SaaS analytics services.

Tuesday, April 14, 2015

A Mississippi optometrist stole patients' personal information (PII) so that he could notify them of his new practice.

This privacy breach occurred when the doctor copied patients’ information onto a thumb drive, but it just as easily could have been photos of data on a screen taken with a smartphone, which increasingly is being used for data theft.

The data theft was discovered by a victim, rather than the organization holding the PII, as is all too often the case. Organizations seeking to proactively detect data privacy breaches and identity theft can utilize low-cost on-demand SaaS analytics services

Monday, April 13, 2015

An employee of a union office in New York has pleaded guilty to exceeding authorized access to the state's Department of Motor Vehicles Drivers License Database.

As a union employee he was allowed limited access the database to confirm union members had a current commercial driver's license. However he violated this limit by accessing the database to determine who owned a vehicle seen near a picket line.

"Such an inquiry was outside the scope of the agreement between [the union] and the NYS DMV." - Assistant U.S. Attorney, Anthony M. Bruce

It is unclear how this data privacy breach, which occurred in 2005, was discovered. Organizations seeking to proactively detect such breaches can utilize low-cost on-demand SaaS analytics services.

Friday, April 10, 2015

Two Bronx men have been sentenced to prison for leading an identity theft ring that stole $850,000. They obtained customers' personal identifying information (PII) from bank tellers they recruited.

The ID theft ring operated from July 2010 through June 2014. During that time the corrupt bank tellers gave their confederates customers' account information and Social Security numbers which enabled the ring leaders to withdraw money from victims' accounts.

It is unclear how the identity thefts were discovered and why the thefts occurred for four years. Financial institutions seeking to proactively detect identity thefts by insiders can utilize low-cost on-demand SaaS analytics services.

Thursday, April 9, 2015

The Federal Communications Commission (FCC) has fined a US telco $25 million for allowing its employees to access personally identifiable information (PII) from 278,000 customer accounts without authorization. This represents the largest privacy and data security enforcement by the FCC to date.

During 2013 and 2014 the telco's call center employees stole PII and trafficked it to unauthorized third parties to unlock mobile phones.

"The commission will exercise its full authority against companies that fail to safeguard the personal information of their customers." - FCC Chairman Tom Wheeler

It is unclear how the ID thefts were discovered or why they occurred for such a long time period. Organizations seeking to proactively detect identity thefts and data privacy breaches can utilize low-cost on-demand SaaS analytics services.

As is often the case it seems the ID thefts were discovered by law enforcement, not the organization holding the PII. Healthcare organizations seeking to proactively detect identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.

Tuesday, April 7, 2015

Overall, healthcare added 22,300 jobs last month, driven in large part by ambulatory care, according to seasonally adjusted numbers from the U.S. Bureau of Labor Statistics.

A majority of job gains, 19,200 in March, continued to come from ambulatory providers. The Affordable Care Act has prompted more healthcare providers to invest in the outpatient setting which have led to higher demand for nurses and physician extenders.

Monday, April 6, 2015

A Pennsylvania fire department has warned that a rogue employee stole the personal information (PII) of patients who used ambulance services during an eight month period in 2012. But the breach only came to light in February 2015.

The fireman sold the stolen PII to a theft ring. About 750 patients may have had a breach of their information — including Social Security numbers, birth dates, and the names of primary health insurance carriers.

"The fire department says a rogue employee sold patient information to a theft ring in 2012." - CBS News, Philadelphia

It is unclear why it took three years to learn about the these ID thefts. Organizations seeking to proactively detect identity thefts and data privacy breaches can utilize low-cost on-demand SaaS analytics services.

Friday, April 3, 2015

A UK policeman was charged violating the Data Protection Act after he accessed restricted database records about his sisters out of curiosity.

Sentencing the officer, Sheriff Tierney said: “Despite a warning to the contrary from the computer you were accessing the information, allowing your curiosity to get the better of you, and as a consequence now face disciplinary procedures.

"Despite a warning to the contrary from the computer you were accessing the information, allowing your curiosity to get the better of you." - Sheriff Tierney

Thursday, April 2, 2015

Nine residents of Alabama and Georgia have pleaded guilty for their roles in a $20 million identity theft tax fraud (SIRF) ring.

In order to file false returns, the defendants obtained stolen identities from a Georgia military hospital. One of the ring members was a hospital employee who had access to the personal identifying information (PII) of military personnel, including soldiers who were deployed to Afghanistan.

"These defendants stole identities from military men and women who have volunteered to protect our country." - U.S. Attorney George L. Beck Jr., Middle District of Alabama

This identity theft ring, which operated from January 2011 through December 2013, stole over 7,000 identities and used them to file fradulent returnsthe defendants ran a large-scale identity theft ring in which they filed more than 7,000 false tax returns. It seems the identity thefts were discovered by the IRS, not the military hospital. Organizations seeking to proactively detect identity thefts and data privacy breaches can utilize low-cost on-demand SaaS analytics services.